October 2012 - Devel - libvirt List Archives

[libvirt] [PATCH] Fix disabling of apparmor security driver
by Christophe Fergeau 21 Oct '12

21 Oct '12

When using --without-apparmor --without-secdriver-apparmor, configure will fail saying that AppArmor development package must be installed. This is caused by a small bug in --with-secdriver-apparmor handling in configure.ac which treats --without-secdriver-apparmor as if the user had requested to enable apparmor. --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 13967e9..6ffcb03 100644 --- a/configure.ac +++ b/configure.ac @@ -1562,7 +1562,8 @@ AC_ARG_WITH([secdriver-apparmor], if test "$with_apparmor" != "yes" ; then if test "$with_secdriver_apparmor" = "check" ; then with_secdriver_apparmor=no - else + fi + if test "$with_secdriver_apparmor" != "no" ; then AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt]) fi else -- 1.7.12.1

1 1

[libvirt] [PATCH] Log file name passed to virConfReadFile
by Cole Robinson 21 Oct '12

21 Oct '12

--- src/util/conf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/util/conf.c b/src/util/conf.c index 4df62b1..346b3df 100644 --- a/src/util/conf.c +++ b/src/util/conf.c @@ -35,6 +35,7 @@ #include "conf.h" #include "util.h" #include "c-ctype.h" +#include "logging.h" #include "memory.h" #include "virfile.h" @@ -763,6 +764,8 @@ virConfReadFile(const char *filename, unsigned int flags) int len; virConfPtr conf; + VIR_DEBUG("filename=%s", NULLSTR(filename)); + if (filename == NULL) { virConfError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__); return NULL; -- 1.7.11.7

2 2

[libvirt] [PATCH] docs: virsh: clarify behavior of send-key
by Cole Robinson 21 Oct '12

21 Oct '12

https://bugzilla.redhat.com/show_bug.cgi?id=860004 --- tools/virsh.pod | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tools/virsh.pod b/tools/virsh.pod index 0481e1f..8a30ce2 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -1295,6 +1295,10 @@ will be held for that many milliseconds. The default codeset is B<linux>, but use of the I<--codeset> option allows other codesets to be chosen. +If multiple keycodes are specified, they are all sent simultaneously +to the guest, and they may be received in random order. If you need +distinct keypresses, you must use multiple send-key invocations. + =over 4 =item B<linux> @@ -1359,10 +1363,14 @@ bit of the first byte. No symbolic names are provided. =back B<Examples> - # send three strokes 'k', 'e', 'y', using xt codeset + # send three strokes 'k', 'e', 'y', using xt codeset. these + # are all pressed simultaneously and may be received by the guest + # in random order virsh send-key dom --codeset xt 37 18 21 + # send one stroke 'right-ctrl+C' virsh send-key dom KEY_RIGHTCTRL KEY_C + # send a tab, held for 1 second virsh send-key --holdtime 1000 0xf -- 1.7.11.7

2 2

[libvirt] [PATCH] daemon: Avoid 'Could not find keytab file' in syslog
by Cole Robinson 21 Oct '12

21 Oct '12

On F17 at least, every time libvirtd starts we get this in syslog: libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory This comes from cyrus-sasl, and happens regardless of whether the gssapi plugin is requested, which is what actually uses /etc/libvirt/krb5.tab. While cyrus-sasl shouldn't complain, we can easily make it shut up by commenting out the keytab value by default. Also update the keytab comment to the more modern one from qemu's sasl config file. --- daemon/libvirtd.sasl | 9 ++++++--- docs/auth.html.in | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/daemon/libvirtd.sasl b/daemon/libvirtd.sasl index e24a130..bfa056f 100644 --- a/daemon/libvirtd.sasl +++ b/daemon/libvirtd.sasl @@ -18,9 +18,12 @@ mech_list: digest-md5 # qemu+tcp://hostname/system?auth=sasl.gssapi #mech_list: digest-md5 gssapi -# MIT kerberos ignores this option & needs KRB5_KTNAME env var. -# May be useful for other non-Linux OS though.... -keytab: /etc/libvirt/krb5.tab +# Some older builds of MIT kerberos on Linux ignore this option & +# instead need KRB5_KTNAME env var. +# For modern Linux, and other OS, this should be sufficient +# +# There is no default value here, uncomment if you need this +#keytab: /etc/libvirt/krb5.tab # If using digest-md5 for username/passwds, then this is the file # containing the passwds. Use 'saslpasswd2 -a libvirt [username]' diff --git a/docs/auth.html.in b/docs/auth.html.in index 60e4f11..d792eb1 100644 --- a/docs/auth.html.in +++ b/docs/auth.html.in @@ -233,7 +233,8 @@ The SASL mechanism configured by default is DIGEST-MD5, which provides a basic username+password style authentication. To enable Kerberos single-sign-on instead, the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> -instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX +instead of the default <code>digest-md5</code>, and keytab should be set to +<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos mechanism provides data encryption of the session. </p> -- 1.7.11.7

2 2

[libvirt] [PATCH] Log parameters passed to virFileMakePath
by Cole Robinson 21 Oct '12

21 Oct '12

--- src/util/util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/util/util.c b/src/util/util.c index bf60837..117a50f 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -1261,6 +1261,8 @@ static int virFileMakePathHelper(char *path, mode_t mode) struct stat st; char *p; + VIR_DEBUG("path=%s mode=0%o", path, mode); + if (stat(path, &st) >= 0) { if (S_ISDIR(st.st_mode)) return 0; -- 1.7.11.7

2 2

[libvirt] [libvirt-tck PATCH] Use recent Fedora version
by Guido Günther 21 Oct '12

21 Oct '12

F12 isn't available on standard mirrors anymore. --- conf/ks.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/ks.cfg b/conf/ks.cfg index de82a26..b6269e9 100644 --- a/conf/ks.cfg +++ b/conf/ks.cfg @@ -1,6 +1,6 @@ install text -url --url=http://ftp-stud.hs-esslingen.de/Mirrors/fedora.redhat.com/linux/releases/12/Fedora/i386/os/ +url --url=http://ftp-stud.hs-esslingen.de/Mirrors/fedora.redhat.com/linux/releases/17/Fedora/i386/os/ lang en_US.UTF-8 keyboard de-latin1-nodeadkeys network --device eth0 --bootproto dhcp -- 1.7.10.4

2 2

[libvirt] [libvirt-tck PATCH] Debian calls mkisofs genisoimage
by Guido Günther 21 Oct '12

21 Oct '12

so check for that too when generating the iso. --- lib/Sys/Virt/TCK/NetworkHelpers.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/Sys/Virt/TCK/NetworkHelpers.pm b/lib/Sys/Virt/TCK/NetworkHelpers.pm index f7f6d70..5e1bac1 100644 --- a/lib/Sys/Virt/TCK/NetworkHelpers.pm +++ b/lib/Sys/Virt/TCK/NetworkHelpers.pm @@ -32,8 +32,10 @@ sub build_cdrom_ks_image { unless (-e $isoimage) { my $isofiledir = $tck->bucket_dir($bucket1); my $ksfile = $tck->get_scratch_resource($ks, $bucket1, "ks.cfg"); + my @progs = `which mkisofs genisoimage`; + chomp(@progs); - `mkisofs -o "$isoimage" $isofiledir`; + `$progs[0] -o "$isoimage" $isofiledir`; } return ($isoimage, "cdrom:/ks.cfg"); -- 1.7.10.4

2 2

[libvirt] [PATCH] network: don't allow multiple default portgroups
by Laine Stump 21 Oct '12

21 Oct '12

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483 virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three allow network definitions to contain multiple <portgroup> elements with default='yes'. Only a single default portgroup should be allowed for each network. This patch updates networkValidate() (called by both virNetworkCreate() and virNetworkDefine()) and virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not allow multiple default portgroups. --- src/conf/network_conf.c | 35 ++++++++++++++++++++++++++--------- src/network/bridge_driver.c | 12 ++++++++++++ 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 2f9ad2e..8976f2a 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -2752,7 +2752,8 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def, /* virNetworkUpdateFlags */ unsigned int fflags ATTRIBUTE_UNUSED) { - int ii, ret = -1; + int ii, foundName = -1, foundDefault = -1; + int ret = -1; virPortGroupDef portgroup; memset(&portgroup, 0, sizeof(portgroup)); @@ -2766,9 +2767,11 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def, /* check if a portgroup with same name already exists */ for (ii = 0; ii < def->nPortGroups; ii++) { if (STREQ(portgroup.name, def->portGroups[ii].name)) - break; + foundName = ii; + if (def->portGroups[ii].isDefault) + foundDefault = ii; } - if (ii == def->nPortGroups && + if (foundName == -1 && ((command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) || (command == VIR_NETWORK_UPDATE_COMMAND_DELETE))) { virReportError(VIR_ERR_OPERATION_INVALID, @@ -2776,7 +2779,7 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def, "in network '%s' matching <portgroup name='%s'>"), def->name, portgroup.name); goto cleanup; - } else if (ii < def->nPortGroups && + } else if (foundName >= 0 && ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) || (command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST))) { virReportError(VIR_ERR_OPERATION_INVALID, @@ -2787,11 +2790,25 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def, goto cleanup; } + /* if there is already a different default, we can't make this + * one the default. + */ + if (command != VIR_NETWORK_UPDATE_COMMAND_DELETE && + portgroup.isDefault && + foundDefault >= 0 && foundDefault != foundName) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("a different portgroup entry in " + "network '%s' is already set as the default. " + "Only one default is allowed."), + def->name); + goto cleanup; + } + if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) { /* replace existing entry */ - virPortGroupDefClear(&def->portGroups[ii]); - def->portGroups[ii] = portgroup; + virPortGroupDefClear(&def->portGroups[foundName]); + def->portGroups[foundName] = portgroup; memset(&portgroup, 0, sizeof(portgroup)); } else if ((command == VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST) || @@ -2816,9 +2833,9 @@ virNetworkDefUpdatePortGroup(virNetworkDefPtr def, } else if (command == VIR_NETWORK_UPDATE_COMMAND_DELETE) { /* remove it */ - virPortGroupDefClear(&def->portGroups[ii]); - memmove(def->portGroups + ii, def->portGroups + ii + 1, - sizeof(*def->portGroups) * (def->nPortGroups - ii - 1)); + virPortGroupDefClear(&def->portGroups[foundName]); + memmove(def->portGroups + foundName, def->portGroups + foundName + 1, + sizeof(*def->portGroups) * (def->nPortGroups - foundName - 1)); def->nPortGroups--; ignore_value(VIR_REALLOC_N(def->portGroups, def->nPortGroups)); } else { diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 1c97f29..8837843 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2618,6 +2618,7 @@ networkValidate(virNetworkDefPtr def) { int ii; bool vlanUsed, vlanAllowed; + const char *defaultPortGroup = NULL; /* The only type of networks that currently support transparent * vlan configuration are those using hostdev sr-iov devices from @@ -2638,6 +2639,17 @@ networkValidate(virNetworkDefPtr def) == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH)) { vlanAllowed = true; } + if (def->portGroups[ii].isDefault) { + if (defaultPortGroup) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("network '%s' has multiple default " + "<portgroup> elements (%s and %s), " + "but only one default is allowed"), + def->name, defaultPortGroup, + def->portGroups[ii].name); + } + defaultPortGroup = def->portGroups[ii].name; + } } if (vlanUsed && !vlanAllowed) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, -- 1.7.11.7

2 2

[libvirt] 0.10.2 virtualport profileid (802.1Qbh) malformed
by Tom Lanyon 21 Oct '12

21 Oct '12

Hi, I've just upgraded a test libvirtd host to 0.10.2 from 0.9.4 to be able to make use of the new 'virsh net-update add portgroup' live updates, however can't get my private/802.1Qbh interfaces working at all after the upgrade. Trying to start an existing domain or install a new domain after the upgrade gives: "ERROR internal error corrupted profileid string" and a corresponding error in the libvirtd log: "error : virNetDevVPortProfileMerge:381 : internal error corrupted profileid string" I've tried all sorts of profileid combinations and tried defining the virtualport in the domain instead of in the network, to no avail. The source indicates this is to do with a malformed (not null terminated) profile id when merging the port profile. Why would this be happening? Any hints how to debug it? My example network definition: <network> <name>testnet</name> <uuid>76d32a2d-8433-6873-9c15-cdae30e7a632</uuid> <forward dev='eth1' mode='private'> <interface dev='eth1'/> <interface dev='eth2'/> <interface dev='eth3'/> ... </forward> <portgroup name='server1' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='profile-server1'/> </virtualport> </portgroup> <portgroup name='server2'> <virtualport type='802.1Qbh'> <parameters profileid='profile-server2'/> </virtualport> </portgroup> <portgroup name='server3'> <virtualport type='802.1Qbh'> <parameters profileid='profile-server3'/> </virtualport> </portgroup> </network> and a domain definition which throws an error on start-up: <interface type='network'> <mac address='52:54:00:d1:94:5f'/> <source network='testnet' portgroup='server1'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> Tom

2 1

[libvirt] [PATCH 0/4] snapshot: work towards external system checkpoint
by Eric Blake 20 Oct '12

20 Oct '12

I've previously posted 1/4, it is now rebased to latest and some bugs fixed that I found while testing later patches: https://www.redhat.com/archives/libvir-list/2012-August/msg01252.html The other three are new. My next snapshot task will be hooking up external snapshots for an offline domain. Eric Blake (4): snapshot: new XML for external system checkpoint snapshot: improve disk align checking snapshot: populate new XML info for qemu snapshots snapshot: merge pre-snapshot checks docs/formatsnapshot.html.in | 11 ++ docs/schemas/domainsnapshot.rng | 23 ++++ src/conf/snapshot_conf.c | 91 ++++++++++---- src/conf/snapshot_conf.h | 4 + src/qemu/qemu_driver.c | 133 ++++++++++----------- tests/domainsnapshotxml2xmlin/external_vm.xml | 10 ++ tests/domainsnapshotxml2xmlin/noparent.xml | 9 ++ tests/domainsnapshotxml2xmlout/all_parameters.xml | 1 + tests/domainsnapshotxml2xmlout/disk_snapshot.xml | 1 + tests/domainsnapshotxml2xmlout/external_vm.xml | 43 +++++++ tests/domainsnapshotxml2xmlout/full_domain.xml | 1 + tests/domainsnapshotxml2xmlout/metadata.xml | 1 + tests/domainsnapshotxml2xmlout/noparent.xml | 1 + .../noparent_nodescription.xml | 1 + .../noparent_nodescription_noactive.xml | 1 + tests/domainsnapshotxml2xmltest.c | 1 + 16 files changed, 241 insertions(+), 91 deletions(-) create mode 100644 tests/domainsnapshotxml2xmlin/external_vm.xml create mode 100644 tests/domainsnapshotxml2xmlin/noparent.xml create mode 100644 tests/domainsnapshotxml2xmlout/external_vm.xml -- 1.7.11.4

2 11